Gateway Bulletin: Setting Trust Line Quality with SendMax

Mar 16, 2017 | Rome Reginelli

Summary

When you build an automated system to send payments into the Ripple Consensus Ledger (RCL) for your customers, you must make sure that it constructs payments carefully. Malicious actors are constantly trying to find flaws in a system implementation that pays them more money than it should.

Once such flaw was revealed recently, related to setting trust line quality, which affects gateways that use a SendMax value greater than the amount they deliver. This setup could result in a destination account receiving slightly higher (typically less than 1% higher) than the expected amount from the gateway’s account.

Action Recommended

Setting the SendMax value as low as possible and only leaving space for slippage to buffer the transaction from failing

A malicious user can make trust line quality changes in the ledger between when you prepare a transaction and when it is validated in the ledger. To ensure that these changes cannot cause a transaction to cost you more than you expected, it is vital to set the SendMax no higher than the maximum amount you are willing to send.

To reduce the chance of sending a transaction that fails, add the following checks to any transaction that delivers issued currency on a trust line: